CVE-2025-48993 — MEDIUM (6.1)

Q: How severe is CVE-2025-48993?

CVE-2025-48993 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-48993?

Check the references section above for vendor advisories and patch information. Affected products include: Intermesh Group-Office.

Vulnerability Description

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but the web application does not sanitize their input. This could result in a reflected cross-site scripting (XSS) attack. This issue has been patched in versions 6.8.123 and 25.0.27.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Intermesh	Group-Office	< 6.8.123

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2025-48993?

CVE-2025-48993 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formattin...

How severe is CVE-2025-48993?

CVE-2025-48993 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-48993?

Check the references section above for vendor advisories and patch information. Affected products include: Intermesh Group-Office.